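<?php
  /*
   * Login handler for the practice site.
   *
   * Flow: read email/password from POST, manage the "remember me" email
   * cookie, look the user up in `users`, and on a single matching active row
   * populate the session and redirect to profile.php.
   *
   * db.php is presumably where the session, the mysql_* connection and the
   * pr() helper come from; none of that is visible here, so verify there.
   *
   * No request, cookie or query dumps are printed: they would put the
   * submitted password and the SQL text into the response, and any output
   * sent before setcookie()/header() can stop those headers from going out.
   */
  require_once('../practice/db.php');

  if (!empty($_SESSION['id'])) {
  //  Redirect for already signed-in visitors is currently disabled.
  //  header('location:profile.php');
  //  exit;
  }

  if (!empty($_POST['email']) && !empty($_POST['password'])) {
    // Only send the cookie over TLS when the request itself arrived over TLS.
    $cookieSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    if (isset($_POST['remember'])) {
      // Remember the email only, for one hour (matches the form label).
      // HttpOnly keeps the value out of reach of page scripts.
      setcookie('email', $_POST['email'], time() + 3600, '', '', $cookieSecure, true);
    } else {
      setcookie('email', '', time() - 3600, '', '', $cookieSecure, true);
    }
    // The password is never stored client-side. Always expire the cookie so a
    // copy written by an earlier version of this page is removed.
    setcookie('password', '', time() - 3600);

    $email = mysql_real_escape_string($_POST['email']);
    // NOTE(review): the password is escaped *before* it is trimmed and hashed,
    // so the digest covers the escaped string. Kept as-is because stored
    // hashes may have been produced the same way - confirm against the
    // registration code before changing the order.
    // NOTE(review): unsalted md5 is not an acceptable password hash. Migrate
    // the `password` column to password_hash()/password_verify() (PHP 5.5+)
    // and rehash on next successful login.
    $password = mysql_real_escape_string($_POST['password']);
    $password = md5(trim($password));

    // Both interpolated values are safe at this point: $email is escaped and
    // $password is a hex digest. NOTE(review): the mysql_* extension is
    // removed in PHP 7; move to PDO/mysqli prepared statements.
    $query = "SELECT * FROM `users` WHERE `email`='$email' AND `password`='$password' AND `status`='1'";
    $result = mysql_query($query);

    if ($result === false) {
      // Keep driver errors in the server log; the client gets a generic message.
      error_log('login query failed: ' . mysql_error());
      die('Login is temporarily unavailable.');
    }

    if (mysql_num_rows($result) === 1) {
      $user = mysql_fetch_assoc($result);

      // Issue a fresh session id on privilege change (session fixation
      // defence). Guarded because the session start is not visible here.
      if (session_id() !== '') {
        session_regenerate_id(true);
      }

      $_SESSION['name'] = $user['name'];
      $_SESSION['id'] = $user['id'];
      $_SESSION['email'] = $user['email'];

      header('location:profile.php');
      exit;
    } else {
      // Same message for unknown email and wrong password, so the response
      // does not reveal which accounts exist.
      pr(':( Sorry, login failed..');
    }

  } else {
    echo "Username / password required";
  }
?>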
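<?php
  // Cookie values are client-controlled, so the remembered email is
  // HTML-escaped before it is written into the value attribute. Non-string
  // values (e.g. an array-style cookie) are ignored.
  // The password field is never pre-filled from a cookie.
  $rememberedEmail = (isset($_COOKIE['email']) && is_string($_COOKIE['email']))
    ? htmlspecialchars($_COOKIE['email'], ENT_QUOTES, 'UTF-8')
    : '';
  // NOTE(review): "email123" is not a valid input type, so browsers fall back
  // to a plain text field with no client-side format check. Left unchanged in
  // case it is deliberate for testing; use type="email" otherwise. Either way
  // the server must validate the value itself.
  // NOTE(review): add a CSRF token to this form once the session layer
  // provides one.
?>
<form action="" method="post">
  <input type="email123" autocomplete="off" placeholder="My Email is.." name="email" required value="<?= $rememberedEmail ?>"/><br>
  <input type="password" autocomplete="off" placeholder="My Password is.." name="password" required /><br>
  <label><input type="checkbox" name="remember" value="1">Remember me for 1 Hour</label>
  <input type="submit" value="login.."  />
</form>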

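Test input for the email field (SQL injection probe; the escaping applied before the query must neutralise it): zeev@andi.com' OR '1'='1
<br>
Sample login (email / password): shai@gmail.com / qwerty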

